"InvaIidOperationException" error when you open digitally signed or NDR messages in FIPS-enabled Exchange Server 2007

Symptoms
Assume that you apply Update Rollup 15 in a Microsoft Exchange Server 2007 environment that has Federal Information Processing Standard (FIPS) enabled. Then, you open a digitally signed message, or a Non-delivery report (NDR) message that contains a digital signature in Outlook Web Access. In this situation, you receive the following error message:
Exception
Exception type: System.InvaIidOperationException
Exception message: This implementation is not part of the Windows Platform FIPS validated algorithms.
Cause
This issue occurs because the HMACSHA256 algorithm that is used to decode digitally signed messages in Outlook Web Access is not FIPS compliant, and FIPS is enforced on a computer that runs Outlook Web Access.

Note HMACSHA256 is a kind of keyed hash algorithm that is constructed from the SHA-256 hash function and used as a Hash-based Message Authentication Code (HMAC).
Resolution
To resolve this issue, install Update Rollup 17 for Exchange Server 2007 Service Pack 3.
Workaround
To work around this issue, uninstall Update Rollup 15 for Exchange Server 2007 Service Pack 3, and then revert to the original update version.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Properties

Article ID: 3057222 - Last Review: 06/16/2015 19:08:00 - Revision: 1.0

Microsoft Exchange Server 2007 Service Pack 3

  • kbqfe kbsurveynew kbfix kbexpertiseinter KB3057222
Feedback